TWI835134B - Card reader and controller thereof, and method for permission management - Google Patents
Card reader and controller thereof, and method for permission management Download PDFInfo
- Publication number
- TWI835134B TWI835134B TW111117478A TW111117478A TWI835134B TW I835134 B TWI835134 B TW I835134B TW 111117478 A TW111117478 A TW 111117478A TW 111117478 A TW111117478 A TW 111117478A TW I835134 B TWI835134 B TW I835134B
- Authority
- TW
- Taiwan
- Prior art keywords
- specific
- memory device
- card
- card reader
- controller
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 13
- 230000015654 memory Effects 0.000 claims description 35
- 230000006870 function Effects 0.000 claims description 21
- 238000012545 processing Methods 0.000 claims description 9
- 238000001514 detection method Methods 0.000 claims description 8
- 238000007726 management method Methods 0.000 claims description 6
- 230000004224 protection Effects 0.000 claims description 5
- 230000007246 mechanism Effects 0.000 description 13
- 238000010586 diagram Methods 0.000 description 10
- 238000003780 insertion Methods 0.000 description 7
- 230000037431 insertion Effects 0.000 description 7
- 230000002093 peripheral effect Effects 0.000 description 7
- 238000003032 molecular docking Methods 0.000 description 5
- 230000000694 effects Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000003111 delayed effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000029058 respiratory gaseous exchange Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
- G06F3/0622—Securing storage systems in relation to access
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0673—Single storage device
- G06F3/0679—Non-volatile semiconductor memory device, e.g. flash memory, one time programmable memory [OTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0629—Configuration or reconfiguration of storage systems
- G06F3/0632—Configuration or reconfiguration of storage systems by initialisation or re-initialisation of storage systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0638—Organizing or formatting or addressing of data
- G06F3/0644—Management of space entities, e.g. partitions, extents, pools
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0653—Monitoring storage devices or systems
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Human Computer Interaction (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Lock And Its Accessories (AREA)
Abstract
Description
本發明是關於讀卡機,尤指一種讀卡機及其控制器以及權限管理方法。 The present invention relates to a card reader, and in particular, to a card reader, its controller and an authority management method.
隨著數位化時代的來臨,數位資料已慢慢的取代紙本等實體資料。為了避免有心人士取得私密資料,許多廠商推出了具備安全機制的隨身碟以保護儲存在其內的資料。例如,隨身碟上可配置有可輸入密碼的數字鍵盤或者可感測指紋的辨識模組。然而,上述作法使得有心人士能輕易地得知這樣的設備儲存了私密資料在其中。此外,相較於典型的隨身碟,這樣的設備需要額外安裝鍵盤模組或是指紋辨識模組在其上,除了造成產品體積的增加外,也讓製造成本大幅提升而不易普及。 With the advent of the digital age, digital data has slowly replaced physical data such as paper. In order to prevent malicious parties from obtaining private information, many manufacturers have launched flash drives with security mechanisms to protect the data stored in them. For example, the flash drive can be equipped with a numeric keyboard for entering passwords or an identification module that can sense fingerprints. However, this approach makes it easy for interested parties to learn that such devices store private information. In addition, compared with a typical flash drive, such a device requires an additional keyboard module or fingerprint recognition module to be installed on it. In addition to increasing the size of the product, it also significantly increases the manufacturing cost and makes it difficult to popularize.
因此,需要一種新穎的方法以及相關架構,以在沒有副作用或較不會帶來副作用的情況下提供相關安全機制以保護儲存裝置中的私密資料。 Therefore, a novel method and related architecture are needed to provide relevant security mechanisms to protect private data in storage devices with no or less side effects.
本發明的目的在於提供一種讀卡機及其控制器以及權限管理方法,以在維持典型的讀卡機的功能及外觀的情況下提供記憶裝置的資訊安全機制。 The object of the present invention is to provide a card reader, its controller and a rights management method, so as to provide an information security mechanism for a memory device while maintaining the functions and appearance of a typical card reader.
本發明至少一實施例提供一種讀卡機。該讀卡機包含一儲存裝置以及一控制器,其中該控制器耦接至該儲存裝置。該儲存裝置是用來儲存一特定記憶裝置的特定辨識資料,以及該控制器是用來自插入該讀卡機的一外接記憶 裝置接收該外接記憶裝置的辨識資料,並且依據該辨識資料以及該特定辨識資料判斷該外接記憶裝置是否為該特定記憶裝置,以產生一判斷結果。尤其,該控制器可依據該判斷結果控制是否開放至少一功能的權限。 At least one embodiment of the present invention provides a card reader. The card reader includes a storage device and a controller, wherein the controller is coupled to the storage device. The storage device is used to store specific identification data of a specific memory device, and the controller is used to access an external memory plugged into the card reader. The device receives the identification data of the external memory device and determines whether the external memory device is the specific memory device based on the identification data and the specific identification data to generate a judgment result. In particular, the controller can control whether to open the permission of at least one function based on the judgment result.
本發明至少一實施例提供一種讀卡機的控制器。該控制器包含一處理電路,以及該處理電路耦接至一儲存裝置。該處理電路是用來依據該儲存裝置內的資料控制該控制器的運作,其中該儲存裝置是用來儲存一特定記憶裝置的特定辨識資料。例如,該控制器可自插入該讀卡機的一外接記憶裝置接收該外接記憶裝置的辨識資料,並且依據該辨識資料以及該特定辨識資料判斷該外接記憶裝置是否為該特定記憶裝置,以產生一判斷結果。尤其,該控制器可依據該判斷結果控制是否開放至少一功能的權限。 At least one embodiment of the present invention provides a controller of a card reader. The controller includes a processing circuit, and the processing circuit is coupled to a storage device. The processing circuit is used to control the operation of the controller based on data in the storage device, wherein the storage device is used to store specific identification data of a specific memory device. For example, the controller can receive the identification data of the external memory device from an external memory device inserted into the card reader, and determine whether the external memory device is the specific memory device based on the identification data and the specific identification data to generate One judgment result. In particular, the controller can control whether to open the permission of at least one function based on the judgment result.
本發明至少一實施例提供一種權限管理方法,其中該方法是可應用於(applicable to)一讀卡機的一控制器。該方法包含:利用該控制器自插入該讀卡機的一外接記憶裝置接收該外接記憶裝置的辨識資料;利用該控制器依據該辨識資料判斷該外接記憶裝置是否為一特定記憶裝置,以產生一判斷結果;以及利用該控制器依據該判斷結果控制是否開放至少一功能的權限。 At least one embodiment of the present invention provides a rights management method, wherein the method is applicable to a controller of a card reader. The method includes: using the controller to receive identification data of the external memory device from an external memory device inserted into the card reader; using the controller to determine whether the external memory device is a specific memory device based on the identification data to generate A judgment result; and using the controller to control whether to open the permission of at least one function based on the judgment result.
本發明的實施例提供的讀卡機及其控制器以及方法能將特定記憶裝置作為鑰匙,其中當某個使用者欲存取受保護的內嵌記憶體時,需要將該特定記憶裝置插入讀卡機才能取得存取該內嵌記憶體的權限。由於讀卡機的插槽為許多電子裝置既有的機構,因此較不容易引起有心人士的注意。此外,本發明的實施例不會大幅地增加額外成本。因此,本發明能在沒有副作用或較不會帶來副作用的情況下解決相關技術的問題。 The card reader and its controller and method provided by embodiments of the present invention can use a specific memory device as a key. When a user wants to access a protected embedded memory, the specific memory device needs to be inserted into the reader. Only the card machine can gain access to the embedded memory. Since the card reader slot is an existing mechanism in many electronic devices, it is less likely to attract the attention of interested parties. Furthermore, embodiments of the present invention do not impose significant additional costs. Therefore, the present invention can solve the problems of related technologies with no or less side effects.
10,30:電子裝置 10,30: Electronic devices
50:主裝置 50: Main device
40,60:筆記型電腦 40,60:Laptop
100:讀卡機 100:Card reader
110:讀卡機控制器 110:Card reader controller
110P:處理電路 110P: Processing circuit
110M:儲存裝置 110M: storage device
120,121,122:安全數位記憶卡插座 120,121,122: Secure digital memory card socket
130,131,132,133:嵌入式多媒體記憶卡 130,131,132,133: Embedded multimedia memory card
141,142:LED燈 141,142:LED light
151:系統碟 151:System disk
152:資料碟 152:Data disc
160:USB集線器 160: USB hub
171,172:USB埠 171,172: USB port
180:USB乙太網路 180: USB Ethernet
190:RJ45埠 190:RJ45 port
700:USB擴充基座 700:USB docking station
S210~S240,S510~S550,S810~S830:步驟 S210~S240, S510~S550, S810~S830: steps
第1圖為依據本發明一實施例之一電子裝置的示意圖。 FIG. 1 is a schematic diagram of an electronic device according to an embodiment of the present invention.
第2圖為依據本發明一實施例之將安全數位記憶卡當作鑰匙的工作流程。 Figure 2 shows the workflow of using a secure digital memory card as a key according to an embodiment of the present invention.
第3圖為依據本發明一實施例之一電子裝置的示意圖。 FIG. 3 is a schematic diagram of an electronic device according to an embodiment of the present invention.
第4圖為依據本發明一實施例之一筆記型電腦的示意圖。 Figure 4 is a schematic diagram of a notebook computer according to an embodiment of the present invention.
第5圖為依據本發明一實施例之利用安全數位記憶卡解鎖第4圖所示之筆記型電腦的工作流程。 Figure 5 illustrates the workflow of using a secure digital memory card to unlock the notebook computer shown in Figure 4 according to an embodiment of the present invention.
第6圖為依據本發明一實施例之一筆記型電腦的示意圖。 Figure 6 is a schematic diagram of a notebook computer according to an embodiment of the present invention.
第7圖為依據本發明一實施例之一擴充基座裝置的示意圖。 Figure 7 is a schematic diagram of an expansion base device according to an embodiment of the present invention.
第8圖為依據本發明一實施例之一種權限管理方法的工作流程。 Figure 8 is a work flow of a rights management method according to an embodiment of the present invention.
第1圖為依據本發明一實施例之一電子裝置10的示意圖,其中電子裝置10可包含一主裝置50以及一讀卡機100。主裝置50的例子可包含(但不限於)一單晶片系統(system on a chip,SoC)以及一晶片組(chipset),其中主裝置50可透過讀卡機100存取一或多個記憶卡。讀卡機100可作為一橋接器以用來將記憶卡的協議諸如安全數位(secure digital)記憶卡使用的安全數位協議、安全數位快捷(SD Express)記憶卡使用的快捷外設組件互連(Peripheral Component Interconnect Express,PCIe)協議、多媒體記憶卡(Multimedia Card,MMC)及嵌入式多媒體記憶卡(embedded MMC,eMMC)使用的多媒體記憶卡協議、以及通用快閃記憶體儲存(Universal Flash Storage,UFS)使用的通用快閃記憶體儲存協議轉換為主裝置50使用的協議諸如通用序列匯流排(Universal Serial Bus,USB)協議。
Figure 1 is a schematic diagram of an
如第1圖所示,讀卡機100可包含一讀卡機控制器110、一儲存裝置110M、一安全數位記憶卡插座(簡稱SD插座)120、一嵌入式儲存裝置諸如嵌
入式多媒體記憶卡130(在第1圖中標示為「eMMC」以求簡明)、以及一或多個信號燈諸如發光二極體(light-emitting diode,簡稱LED)燈141及142(在第l圖中標示為「LED」以求簡明)。讀卡機控制器110可包含一處理電路110P,其中儲存裝置110M耦接至讀卡機控制器110(例如其內的處理電路110P)。在本實施例中,SD插座120可外露在讀卡機100的外殼,以容許使用者將任一安全數位記憶卡(簡稱SD卡)插入讀卡機100。嵌入式多媒體記憶卡130則可設置在讀卡機100的內部而不會外露,其中本實施例的嵌入式多媒體記憶卡130是設置在讀卡機100的內部,但本發明不限於此。需注意的是,本實施例的SD插座120以及嵌入式多媒體記憶卡130只是為了說明之目的,並非對本發明的限制。在某些實施例中,其他標準的記憶卡插座可作為SD插座120的替代設計,而符合通用快閃記憶體儲存標準或是快捷非揮發性記憶體(non-volatile memory express,NVMe)標準的嵌入式儲存裝置以及以機構的方式內嵌在讀卡機100內部的SD卡均可作為嵌入式多媒體記憶卡130的替代設計。
As shown in Figure 1, the
需注意的是,儲存裝置110M是實施在讀卡機控制器110的外部,但本發明不限於此。在某些實施例中,儲存裝置110M可為讀卡機控制器110的一部分(例如儲存裝置110M可被內建於讀卡機控制器110中)。
It should be noted that the
在本實施例中,電子裝置10可為一個具備讀卡機的設備,但本發明不限於此。在某些實施例中,讀卡機100與主裝置50可為各自獨立的設備,例如讀卡機100可為外接式的讀卡機,而主裝置50可為桌上型電腦、膝上型電腦、或任意可連接讀卡機的設備,其中讀卡機100可透過符合通用序列匯流排的連接線與主裝置50互相連接,但本發明不限於此。
In this embodiment, the
在本實施例中,儲存裝置110M可用來儲存一特定記憶裝置的特定辨識資料。讀卡機控制器110可用來自插入讀卡機100(例如SD插座120)的一外接記憶裝置接收該外接記憶裝置的辨識資料,並且依據該辨識資料以及該特定辨
識資料判斷該外接記憶裝置是否為該特定記憶裝置,以產生一判斷結果,其中讀卡機控制器110可依據該判斷結果控制是否開放至少一功能的權限。具體來說,任一記憶卡的製造商、卡片名稱、版本、序號及/或製造日期等資訊可被記錄為所述任一記憶卡的辨識資料。以SD卡為例,任一SD卡可具有記憶卡辨識暫存器(Card Identification register,CID)以記錄上述辨識資料。尤其,這個辨識資料典型地是獨一無二的,因此可以被用來辨別不同張記憶卡。具體來說,當某一外接記憶裝置(例如一特定SD卡)被選定為用來開啟上述至少一功能的權限的鑰匙時,這個外接記憶裝置的辨識資料可在插入讀卡機100時透過軟體被記錄在儲存裝置110M中,或是由製造商直接寫入相關資訊於儲存裝置110M中,但不限於以上方法,以供後續辨識之用,其中該特定SD卡可為上述特定記憶裝置的例子,以及該特定SD卡的記憶卡辨識資料可為上述特定辨識資料的例子。
In this embodiment, the
在本實施例中,讀卡機100可將邏輯單元號(logic unit number,LUN)#0對應至插入SD插座120的SD卡,並且將邏輯單元號#1對應至嵌入式多媒體記憶卡130。然而,由於與邏輯單元號#1對應的嵌入式多媒體記憶卡130不會外露在電子裝置10的外部,因此雖然讀卡機100為多邏輯單元號(multi-LUN)讀卡機,但在外觀上讀卡機100則類似單邏輯單元號(single-LUN)讀卡機。當讀卡機100被上電並且連接至主裝置50時,若未有任何記憶卡插入SD插座120,讀卡機100可避免傳送任何嵌入式多媒體記憶卡130的資料至主裝置50。若使用者將該特定SD卡插入SD插座120,讀卡機控制器110可判斷該特定SD卡的辨識資料與儲存裝置110M中的辨識資料相符合,因此除了該特定SD卡的資料可被傳送至主裝置50以外,嵌入式多媒體記憶卡130的資料也可被傳送至主裝置50。相對的,若使用者將該特定SD卡以外的任意記憶卡插入SD插座120,由於這張記憶卡的辨識資料與儲存裝置110M中的辨識資料不相符,因此該判斷結果可指出這張記憶卡不是該特定SD卡,讀卡機控制器110可避免開放存取與邏輯單元號#1對應的
記憶體(即嵌入式多媒體記憶卡130)內的資料的權限。例如,當該判斷結果可指出該這張記憶卡不是該特定SD卡時,讀卡機控制器110可通知主裝置50邏輯單元號#1不存在,而主裝置50則無法存取嵌入式多媒體記憶卡130。
In this embodiment, the
第2圖為依據本發明一實施例之將SD卡當作鑰匙的工作流程,其中該工作流程是可應用於(applicable to)第1圖所示之讀卡機100。需注意的是,第2圖所示之工作流程只是為了說明之目的,並非對本發明的限制。尤其,一或多個步驟可在第2圖所示之工作流程被新增、刪除或修改。此外,只要不妨礙整體結果,這些步驟並非必須完全依照第2圖所示之步驟執行。
Figure 2 shows a workflow for using an SD card as a key according to an embodiment of the present invention, where the workflow is applicable to the
在步驟S210中,使用者可將SD卡插入讀卡機100,使得這張SD卡對應於邏輯單元號#0(在第2圖中標示為「插入SD卡,對應於LUN0」以求簡明)。
In step S210, the user can insert the SD card into the
在步驟S220中,讀卡機控制器110可檢查這張SD卡的記憶卡辨識資料以判斷這張SD卡的辨識資料是否已被記錄在讀卡機100(例如記錄在儲存裝置110M)中(在第2圖中標示為「檢查SD卡的CID以判斷是否為特定SD卡」以便於理解)。若判斷結果為「是」,進入步驟S230;若判斷結果為「否」,進入步驟S240。
In step S220, the
在步驟S230中,讀卡機控制器110可將邏輯單元號#1回報至主裝置50,以容許主裝置50存取對應於邏輯單元號#1的記憶體(在第2圖中標示為「顯示LUN1」以求簡明)。
In step S230, the
在步驟S240中,讀卡機控制器110可避免將邏輯單元號#1回報至主裝置50,以避免主裝置50存取對應於邏輯單元號#1的記憶體(在第2圖中標示為「不顯示LUN1」以求簡明)。
In step S240, the
為了進一步提升與邏輯單元號#1對應的記憶體(例如嵌入式多媒體記憶卡130)內的私密資料的安全性,當讀卡機控制器110產生的判斷結果指出該外接記憶裝置是該特定記憶裝置時(例如當該判斷結果指出插入讀卡機100的
記憶卡為該特定SD卡時),讀卡機控制器110可進一步偵測該特定記憶裝置的一插拔樣態以產生一偵測結果。舉例來說,使用者或廠商除了可預先將該特定SD卡的辨識資料記錄在儲存裝置110M以外,還可預先將該特定SD卡的一特定插拔樣態(例如特定插拔方式)進行編碼,以產生對應於該特定插拔樣態的一編碼結果,並且將該編碼結果記錄在儲存裝置110M中。當該偵測結果指出該特定SD卡的插拔樣態符合該特定插拔樣態時,讀卡機控制器110可容許主裝置50存取嵌入式多媒體記憶卡130。當該偵測結果指出該特定SD卡的插拔樣態不符合該特定插拔樣態時,讀卡機控制器110可避免主裝置50存取嵌入式多媒體記憶卡130。
In order to further enhance the security of the private data in the memory corresponding to the logical unit number #1 (such as the embedded multimedia memory card 130), when the judgment result generated by the
在某些實施例中,該插拔樣態可包含該特定記憶裝置在一特定時段內的插拔次數。例如,記錄在儲存裝置110M的編碼結果可對應於在一特定時段(例如三十秒)內以一特定次數(例如三次)插拔該特定SD卡,其中使用者須以該特定次數插拔該特定SD卡(例如在三十秒內)才能開啟存取嵌入式多媒體記憶卡130的權限(例如使用者須在三十秒內插拔該特定SD卡三次才能使得嵌入式多媒體記憶卡130內的資料被顯示)。
In some embodiments, the plugging and unplugging pattern may include the number of plugging and unplugging of the specific memory device within a specific period of time. For example, the encoding result recorded in the
在某些實施例中,該插拔樣態可包含該特定記憶裝置分別在多個特定時段內的多個插拔次數。例如,記錄在儲存裝置110M的編碼結果可對應於分別在多個特定時段(例如三十秒的第一特定時段、三十秒的第二特定時段以及三十秒的第三特定時段)內以對應的次數插拔該特定SD卡(例如在該第一特定時段內插拔該特定SD卡兩次、在該第二特定時段內插拔該特定SD卡五次、以及在該第三特定時段內插拔該特定SD卡四次),其中使用者須分別在該多個特定時段內以對應的次數插拔該特定SD卡才能開啟存取嵌入式多媒體記憶卡130的權限(例如使用者須在該第一特定時段內插拔該特定SD卡兩次、在該第二特定時段內插拔該特定SD卡五次、並且在該第三特定時段內插拔該特定SD卡四次,才能使得嵌入式多媒體記憶卡130內的資料被顯示)。這時會由讀卡機LED燈號協
助使用者判斷插卡時機。在第1圖的實施例中,讀卡機100的LED燈141可用來表示電源狀態,其中在未有任何SD卡被插入SD插座130的情況下,LED燈141可為恆亮。另外,LED燈142可用來表示資料的讀/寫狀態,其中LED燈142可閃爍以指出有資料正在透過讀卡機100進行讀/寫。在本實施例中,LED燈141的燈號可用來提示使用者目前的輸入狀態(例如用來界定該第一特定時段、該第二特定時段以及該第三特定時段)。例如,在該特定SD卡第一次被插入讀卡機100後,LED燈141可閃爍三十秒以提示使用者目前已進入該第一特定時段,其中在該第一特定時段內需要插拔該特定SD卡兩次,因此使用者須在三十秒內再插拔該特定SD卡一次,而三十秒過後,LED燈141可變為恆亮以提示使用者可開始下一輪的輸入。當使用者在LED燈141變為恆亮後重新插入該特定SD卡後,LED燈141可閃爍三十秒以提示使用者目前已進入該第二特定時段,其中在該第二特定時段內需要插拔該特定SD卡五次,因此使用者須在三十秒內再插拔該特定SD卡四次,而三十秒過後,LED燈141可變為恆亮以提示使用者可開始下一輪的輸入。當使用者在LED燈141變為恆亮後重新插入該特定SD卡後,LED燈141可閃爍三十秒以提示使用者目前已進入該第三特定時段,其中在該第三特定時段內需要插拔該特定SD卡三次,因此使用者須在三十秒內再插拔該特定SD卡兩次並且在最後將該特定SD卡留在SD插座120上,而三十秒過後,LED燈141可變為恆亮。使用者須在該第一特定時段、該第二特定時段以及該第三特定時段內均以正確的次數插拔該特定SD卡,對應於邏輯單元號#1的記憶體(例如嵌入式多媒體記憶卡130)內的私密資料才得以被顯示。
In some embodiments, the plugging and unplugging pattern may include a plurality of plugging and unplugging times of the specific memory device within a plurality of specific time periods. For example, the encoding results recorded in the
需注意的是,上述利用LED燈號提示使用者當下的輸入階段的方式只是為了說明之目的,並非對本發明的限制。在某些實施例中,上述LED燈號可透過呼吸燈、變色、或是其他方式來提示使用者。 It should be noted that the above method of using LED lights to remind the user of the current input stage is only for illustrative purposes and does not limit the present invention. In some embodiments, the above-mentioned LED light signal can remind the user through breathing light, color change, or other means.
在某些實施例中,該插拔樣態可包含該特定SD卡分別在該多個特定
時段內的多個寫保護開關狀態。具體來說,SD卡可具備寫保護開關(又稱防寫開關)以供讀卡機100判斷此張SD卡是否處在寫保護狀態,而SD卡的寫保護開關可用來增加該特定插拔樣態的編碼的複雜性。例如,在該第一特定時段內,該特定SD卡的寫保護開關需被開啟;在該第二特定時段,該特定SD卡的寫保護開關需被關閉;以及在該第三特定時段,該特定SD卡的寫保護開關需被開啟。使用者須在該第一特定時段、該第二特定時段以及該第三特定時段內均使寫保護開關在正確的狀態,對應於邏輯單元號#1的記憶體(例如嵌入式多媒體記憶卡130)內的私密資料才得以被顯示。需注意的是,上述利用寫保護開關提供該插拔樣態的變化是以SD卡為例,若該特定記憶裝置是以其他類型的記憶卡來實施,這些記憶卡上的任意機構開關也能以類似的方式應用於本發明的插拔樣態的編碼。
In some embodiments, the plugging and unplugging state may include the specific SD card being in the plurality of specific
Multiple write-protect switch states within a time period. Specifically, the SD card can be equipped with a write-protect switch (also called an anti-write switch) for the
在某些實施例中,該插拔樣態可包含該特定記憶裝置維持在被插入的狀態的時間長度。例如,該特定記憶裝置維持在被插入的狀態的時間長度須符合記錄在儲存裝置110M裡的編碼結果所對應的時間長度,與邏輯單元號#1對應的記憶體(例如嵌入式多媒體記憶卡130)內的私密資料才得以被顯示。
In some embodiments, the plugging status may include the length of time that the particular memory device remains plugged in. For example, the length of time that the specific memory device remains in the inserted state must comply with the length of time corresponding to the encoding result recorded in the
在某些實施例中,上述利用插拔次數、多時段的偵測、機構開關的位置以及插入時間長度來產生的插拔樣態的變化可使用其中的一或多者進行組合,以盡可能地提升插拔樣態的複雜度,從而提升整體安全性。為簡明起見,相關的實施變化在此不贅述。 In some embodiments, the above-mentioned changes in plugging and unplugging patterns generated by the number of plugging and unplugging, multi-period detection, the position of the mechanism switch, and the length of plugging time can be combined using one or more of them to achieve as much as possible. This greatly increases the complexity of plugging and unplugging, thereby improving overall security. For the sake of brevity, relevant implementation changes are not described here.
在某些實施例中,當對應於邏輯單元號#0的記憶體(例如插在SD插座120上的該特定SD卡)被拔掉後,存取與邏輯單元號#1對應的記憶體(例如嵌入式多媒體記憶卡130)的權限可被立刻關閉。在某些實施例中,當對應於邏輯單元號#0的記憶體(例如插在SD插座120上的該特定SD卡)被拔掉後,存取與邏輯單元號#1對應的記憶體(例如嵌入式多媒體記憶卡130)的權限可在延遲一
段預定時間後被關閉。需注意的是,只要在讀卡機100被斷電後,下一次上電均需要再次透過該特定SD卡及/或上述插拔樣態的驗證,才可再次開啟存取嵌入式多媒體記憶卡130的權限。
In some embodiments, when the memory corresponding to logical unit number #0 (such as the specific SD card inserted in the SD socket 120) is removed, the memory corresponding to logical unit number #1 is accessed ( For example, the permissions of the embedded multimedia memory card 130) can be closed immediately. In some embodiments, when the memory corresponding to logical unit number #0 (such as the specific SD card inserted in the SD socket 120) is removed, the memory corresponding to logical unit number #1 is accessed ( For example, the permissions of the embedded multimedia memory card 130) can be delayed for a period of time.
It is closed after a predetermined period of time. It should be noted that as long as the
第3圖為依據本發明一實施例之一電子裝置30的示意圖,其中電子裝置30可包含主裝置50以及讀卡機300。需注意的是,讀卡機300可為讀卡機100的例子,而讀卡機控制器110(及其內的處理電路110P)、儲存裝置110M、以及LED燈141及142的相關細節在此不重複贅述。如第3圖所示,讀卡機300可支援五個邏輯單元號,其中SD插座121(例如插入SD插座121的記憶卡)可對應於邏輯單元號#0,SD插座122(例如插入SD插座122的記憶卡)可對應於邏輯單元號#1,以及嵌入式多媒體記憶卡131、132及133可分別對應於邏輯單元號#2、#3及#4。SD插座121及122的任一者(例如每一者)可為SD插座120的例子,以及嵌入式多媒體記憶卡131、132及133的任一者(例如每一者)可為嵌入式多媒體記憶卡130的例子。
Figure 3 is a schematic diagram of an
需注意的是,邏輯單元號#2、#3及#4並非必須全部都以上述機制進行保護。例如,分別與邏輯單元號#3及#4對應的記憶體(例如嵌入式多媒體記憶卡132及133)內的私密資料可藉由上述安全機制進行保護,而與邏輯單元號#2對應的記憶體(例如嵌入式多媒體記憶卡131)內的資料則預設為可存取的。因此,當讀卡機300被上電或是被連接到主裝置50後,儘管在未有任何SD卡被插入SD插座121及122的情況下,嵌入式多媒體記憶卡131內的資料依然可被顯示。相較之下,使用者需要藉助於特定SD才能開啟存取嵌入式多媒體記憶卡132及133的權限。在某些實施例中,存取嵌入式多媒體記憶卡132及133的權限可透過同一張特定SD卡來開啟。例如,不論這張特定SD卡被插入SD插座121及122的哪一個SD插座,存取嵌入式多媒體記憶卡132及133的權限均可被開啟。在某些實施例中,存取嵌入式多媒體記憶卡132的權限可透過將一特定SD卡插入SD插座
121來開啟,以及存取嵌入式多媒體記憶卡133的權限可透過將這個特定SD卡插入SD插座122來開啟。在某些實施例中,存取嵌入式多媒體記憶卡132的權限可透過將一第一特定SD卡插入SD插座121及122的任一者來開啟,以及存取嵌入式多媒體記憶卡133的權限可透過將一第二特定SD卡插入SD插座121及122的任一者來開啟。在某些實施例中,存取嵌入式多媒體記憶卡132的權限可透過將一第一特定SD卡插入SD插座121來開啟,以及存取嵌入式多媒體記憶卡133的權限可透過將一第二特定SD卡插入SD插座122來開啟。需注意的是,由於SD卡典型地難以被複製,儲存裝置110M可記錄多個第一特定SD卡以及多個第二特定SD卡,其中該多個第一特定SD卡的任一者均可被插入SD插座121以開啟存取嵌入式多媒體記憶卡132的權限,以及該多個第二特定SD卡的任一者均可被插入SD插座122以開啟存取嵌入式多媒體記憶卡133的權限。
It should be noted that logical unit numbers #2, #3, and #4 do not all have to be protected by the above mechanism. For example, the private data in the memories corresponding to logical unit numbers #3 and #4 (such as embedded
上述針對多個邏輯單元號的存取權限的控制,除了可透過隱藏私密資料達到安全防護之目的外,使用者也可將工作資料與私人資料儲存在不同位置(例如對應於不同邏輯單元號的記憶體),藉助於上述存取權限控制避免操作錯誤。 The above-mentioned control of access rights for multiple logical unit numbers can not only achieve security protection by hiding private data, users can also store work data and private data in different locations (for example, corresponding to different logical unit numbers). memory), with the help of the above access control to avoid operational errors.
在某些實施例中,讀卡機100(例如讀卡機300)可利用嵌入式多媒體記憶卡130(例如多媒體記憶卡131、132及133的任一者)本身提供的安全保護機制對其內的資料進行加密或是讀卡機100(例如讀卡機300)內建的加解密機制對資料進行加密,而當該特定SD卡被插入時,讀卡機100可對與特定邏輯單元號對應的記憶體(例如嵌入式多媒體記憶卡130)內的資料進行解密。如此一來,儘管有心人士可將設置在讀卡機100內部的嵌入式多媒體記憶卡130強行取出,但依然無法成功地對其內的資料進行解密以供讀取。
In some embodiments, the card reader 100 (such as the card reader 300) can utilize the security protection mechanism provided by the embedded multimedia memory card 130 (such as any of the
另外,上述的讀卡機100或讀卡機300可被應用於任何內建讀卡機的裝置諸如桌上型電腦以及筆記型電腦的解鎖運作。第4圖為依據本發明一實施例
之一筆記型電腦40的示意圖,其中讀卡機100(尤指讀卡機控制器110、儲存裝置110M以及SD插座120)可被內建在筆記型電腦40中。在本實施例中,當使用者欲對筆記型電腦40進行解鎖及登入時,使用者需將該特定SD卡插入SD插座120,而讀卡機控制器110在偵測到該特定SD卡被插入後可透過符合快捷外設組件互連協議的介面(在第4圖中標示為「PCIe」以求簡明)或通用型輸入輸出(General-purpose input/output)介面(在第4圖中標示為「GPIO」以求簡明)與主裝置50相耦接並進行溝通,其中主裝置50可因應讀卡機控制器110傳送的偵測結果控制是否解鎖筆記型電腦40以供使用者登入。
In addition, the above-mentioned
第5圖為依據本發明一實施例之利用特定SD卡解鎖第4圖所示之筆記型電腦40的工作流程。需注意的是,第5圖所示之工作流程只是為了說明之目的,並非對本發明的限制。尤其,一或多個步驟可在第5圖所示之工作流程被新增、刪除或修改。此外,只要不妨礙整體結果,這些步驟並非必須完全依照第5圖所示之步驟執行。
Figure 5 illustrates the workflow of using a specific SD card to unlock the
在步驟S510中,使用者可將SD卡插入讀卡機(例如第4圖所示之SD插座120)。
In step S510, the user can insert the SD card into a card reader (such as the
在步驟S520中,讀卡機控制器110可檢查這張SD卡的記憶卡辨識資料以判斷這張SD卡的辨識資料是否已被記錄在儲存裝置110M中(在第5圖中標示為「檢查SD卡的CID以判斷是否為特定SD卡」以便於理解)。若判斷結果為「是」,進入步驟S530;若判斷結果為「否」,進入步驟S550。
In step S520, the
在步驟S530中,讀卡機控制器110可通知主裝置50的系統硬體及軟體該SD卡確實是該特定SD卡(在第5圖中標示為「通知系統硬體及軟體」以求簡明)。
In step S530, the
在步驟S540中,主裝置50可解鎖筆記型電腦40以供使用者登入。
In step S540, the
在步驟S550中,主裝置50可將筆記型電腦40維持在鎖定狀態(在第5
圖中標示為「無動作」以求簡明)。
In step S550, the
第6圖為依據本發明一實施例之一筆記型電腦60的示意圖,其中讀卡機100(尤指其內的讀卡機控制器110、儲存裝置110M以及SD插座120)可被內建在筆記型電腦60中。在本實施例中,讀卡機控制器110可透過符合快捷外設組件互連協議的介面或通用型輸入輸出介面控制筆記型電腦60中的一或多個儲存裝置(例如固態硬碟)的存取權限。例如,筆記型電腦60可包含系統硬碟151(在第6圖中標示為「系統碟」以求簡明)以及資料硬碟152(在第6圖中標示為「資料碟」以求簡明),其中主裝置50可透過符合快捷外設組件互連協議的介面(在第6圖標示為「PCIe」以求簡明)與系統硬碟151以及資料硬碟152進行溝通,以及讀卡機控制器110可透過通用型輸入輸出介面(在第6圖標示為「GPIO」以求簡明)與資料硬碟152進行溝通。具體來說,筆記型電腦60可總是顯示系統硬碟151,而資料硬碟152則可透過本發明的安全機制進行保護,因此預設地不會顯示在筆記型電腦60的作業系統上(例如資料硬碟152的電源在一開始可預設為關閉狀態)。當使用者插入該特定SD卡後,讀卡機控制器110可透過通用型輸入輸出介面開啟資料硬碟152的電源或是致能開關,並且以符合快捷外設組件互連協議的介面的熱插拔(hot plug)機制使得資料硬碟152的資料被顯示於筆記型電腦60的作業系統上。
Figure 6 is a schematic diagram of a
第7圖為依據本發明一實施例之符合通用序列匯流排協議的擴充基座裝置700(簡稱「USB擴充基座」)的示意圖。在本實施例中,USB擴充基座700可包含一讀卡機(尤指其內的SD插座121及122、讀卡機控制器110以及儲存裝置110M),且可另包含符合通用序列匯流排協議的集線器160(簡稱「USB集線器」)、符合通用序列匯流排協議的連接埠171及172(簡稱為「USB埠」)、符合通用序列匯流排協議的乙太網路裝置180(簡稱為「USB乙太網路」)以及RJ45埠190。在本實施例中,USB集線器160的擴充功能(例如用來耦接主裝置50、
USB埠171及172、以及USB乙太網路180的一或多個擴充介面執行的運作)可預設為關閉狀態,其中使用者可將該特定SD卡插入SD插座121或122,以及當讀卡機控制器110偵測到該特定SD卡已被插入時,讀卡機控制器110可透過通用型輸入輸出介面(在第7圖標示為「GPIO」以求簡明)致能USB集線器160的擴充功能。因此,本發明能避免沒有權限的使用者(例如未將該特定SD卡插入SD插座121或122的使用者)使用USB擴充基座700的擴充功能。
FIG. 7 is a schematic diagram of a docking station device 700 (referred to as a "USB docking station") that complies with the Universal Serial Bus protocol according to an embodiment of the present invention. In this embodiment, the
需注意的是,以上實施例所述之符合快捷外設組件互連協議的介面、符合通用序列匯流排協議的介面、以及通用型輸入輸出介面只是為了說明之目的,並非對本發明的限制。只要不影響整體實施,這些介面的實施均可予以變化。 It should be noted that the interfaces that comply with the Fast Peripheral Component Interconnect Protocol, the interfaces that comply with the Universal Serial Bus Protocol, and the universal input and output interfaces described in the above embodiments are for illustration purposes only and do not limit the present invention. The implementation of these interfaces can be changed as long as it does not affect the overall implementation.
第8圖為依據本發明一實施例之一種權限管理方法的工作流程,其中該方法是可應用於一讀卡機的控制器諸如以上實施例的讀卡機控制器110。需注意的是,第8圖所示之工作流程只是為了說明之目的,並非對本發明的限制。尤其,一或多個步驟可在第8圖所示之工作流程被新增、刪除或修改。此外,只要不妨礙整體結果,這些步驟並非必須完全依照第8圖所示之步驟執行。
Figure 8 is a work flow of a rights management method according to an embodiment of the present invention, wherein the method can be applied to a card reader controller such as the
在步驟S810中,讀卡機控制器110可自插入該讀卡機的一外接記憶裝置接收該外接記憶裝置的辨識資料。
In step S810, the
在步驟S820中,讀卡機控制器110可依據該辨識資料判斷該外接記憶裝置是否為一特定記憶裝置(例如該特定SD卡),以產生一判斷結果。
In step S820, the
在步驟S830中,讀卡機控制器可依據該判斷結果控制是否開放至少一功能的權限。 In step S830, the card reader controller may control whether to open the permission of at least one function based on the judgment result.
總結來說,本發明的實施例所提供的讀卡機以及相關方法能把特定外接記憶裝置當作鑰匙以解鎖電子裝置的一或多個功能。此外,本發明的實施例可將該特定外接記憶裝置的插拔樣態(例如插拔次數或插拔手法)當成密碼, 以在不需新增額外鍵盤或是指紋模組的情況下建立資料保護機制。由於本發明能維持典型的讀卡機既有的功能以及外觀,因此本發明能在沒有副作用或較不會帶來副作用的情況下提供有效的資料保護機制。 In summary, the card reader and related methods provided by embodiments of the present invention can use a specific external memory device as a key to unlock one or more functions of the electronic device. In addition, embodiments of the present invention can use the plugging and unplugging mode (such as the number of plugs and pulls or the plugging method) of the specific external memory device as a password. A data protection mechanism can be established without adding additional keyboards or fingerprint modules. Since the present invention can maintain the existing functions and appearance of a typical card reader, the present invention can provide an effective data protection mechanism with no or less side effects.
以上所述僅為本發明之較佳實施例,凡依本發明申請專利範圍所做之均等變化與修飾,皆應屬本發明之涵蓋範圍。 The above are only preferred embodiments of the present invention, and all equivalent changes and modifications made in accordance with the patentable scope of the present invention shall fall within the scope of the present invention.
10:電子裝置 10: Electronic devices
50:主裝置 50: Main device
100:讀卡機 100:Card reader
110:讀卡機控制器 110:Card reader controller
110P:處理電路 110P: Processing circuit
110M:儲存裝置 110M: storage device
120:安全數位記憶卡插座 120: Secure digital memory card socket
130:嵌入式多媒體記憶卡 130:Embedded multimedia memory card
141,142:發光二極體燈 141,142:LED lamp
Claims (7)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW111117478A TWI835134B (en) | 2022-05-10 | 2022-05-10 | Card reader and controller thereof, and method for permission management |
US18/140,578 US20230367490A1 (en) | 2022-05-10 | 2023-04-27 | Card reader and controller, and method for permission management |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW111117478A TWI835134B (en) | 2022-05-10 | 2022-05-10 | Card reader and controller thereof, and method for permission management |
Publications (2)
Publication Number | Publication Date |
---|---|
TW202344989A TW202344989A (en) | 2023-11-16 |
TWI835134B true TWI835134B (en) | 2024-03-11 |
Family
ID=88698856
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW111117478A TWI835134B (en) | 2022-05-10 | 2022-05-10 | Card reader and controller thereof, and method for permission management |
Country Status (2)
Country | Link |
---|---|
US (1) | US20230367490A1 (en) |
TW (1) | TWI835134B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI806262B (en) * | 2021-11-29 | 2023-06-21 | 慧榮科技股份有限公司 | Bridge device and data storage system |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005266952A (en) * | 2004-03-16 | 2005-09-29 | Toshiba Corp | Memory card control device, semiconductor memory card, card interface controller, and authentication method for semiconductor memory card |
JP2008158778A (en) * | 2006-12-22 | 2008-07-10 | Fujitsu Ltd | Personal identification program, method, and system |
US8887270B2 (en) * | 2007-11-12 | 2014-11-11 | Micron Technology, Inc. | Smart storage device |
TWI444829B (en) * | 2010-04-19 | 2014-07-11 | Transcend Information Inc | Removable card reader and operation method thereof |
CN105144025B (en) * | 2013-05-31 | 2019-02-12 | 惠普发展公司,有限责任合伙企业 | Mass-memory unit |
US20190034668A1 (en) * | 2016-09-07 | 2019-01-31 | Hewlett-Packard Development Company, L.P. | Docking computing devices to a docking station |
US10305916B2 (en) * | 2017-01-02 | 2019-05-28 | Monument Labs, Inc. | Personal cloud device for digital media |
US10489335B1 (en) * | 2018-09-28 | 2019-11-26 | Silicon Motion, Inc. | Apparatus and method and computer program product for accessing a memory card |
TWI760615B (en) * | 2019-06-05 | 2022-04-11 | 瑞昱半導體股份有限公司 | Method for performing detect control of write protection command of memory device, associated control chip and associated electronic device |
FR3113753B1 (en) * | 2020-08-25 | 2023-05-12 | Idemia France | Method for verifying a microcircuit card, method for personalizing a microcircuit card, microcircuit card and associated electronic device |
-
2022
- 2022-05-10 TW TW111117478A patent/TWI835134B/en active
-
2023
- 2023-04-27 US US18/140,578 patent/US20230367490A1/en active Pending
Also Published As
Publication number | Publication date |
---|---|
TW202344989A (en) | 2023-11-16 |
US20230367490A1 (en) | 2023-11-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8127150B2 (en) | Data security | |
US7519203B2 (en) | Portable encrypted storage device with biometric identification and method for protecting the data therein | |
US7712131B1 (en) | Method and apparatus for storage and use of diagnostic software using removeable secure solid-state memory | |
RU2321055C2 (en) | Device for protecting information from unsanctioned access for computers of informational and computing systems | |
US8756390B2 (en) | Methods and apparatuses for protecting data on mass storage devices | |
US8122172B2 (en) | Portable information security device | |
US20050216685A1 (en) | Intelligent media storage system | |
US20020073340A1 (en) | Secure mass storage device with embedded biometri record that blocks access by disabling plug-and-play configuration | |
RU2569577C1 (en) | Device to create trusted execution environment for special purpose computers | |
US8844060B2 (en) | Method and system for USB with an integrated crypto ignition key | |
US7620761B2 (en) | Multi-functional storage apparatus and control method thereof | |
JP2006252451A (en) | Storage system | |
TWI835134B (en) | Card reader and controller thereof, and method for permission management | |
TWI566103B (en) | Pcie bridge transformation device and method thereof | |
KR100841982B1 (en) | Memory card storing host identification information and access method thereof | |
TW201019113A (en) | Authenticable USB storage device and method thereof | |
KR101043255B1 (en) | Usb hub device for providing datasecurity and method for providing datasecurity using the same | |
WO2004081706A2 (en) | Method and apparatus for controlling the provision of digital content | |
JP2003099147A (en) | Electronic equipment having authentication function and electronic key device | |
CN117131554A (en) | Card reader, controller and authority management method thereof | |
US11216209B2 (en) | Secure storage using a removable bridge | |
TWI612440B (en) | Information storage system with information security protection | |
CN112905495A (en) | Storage device, operation method thereof and non-volatile memory system | |
KR20050039290A (en) | Storage media protective apparatus and method thereof | |
TWI742318B (en) | Host system and method for unlocking electronic lock |